SPECIFICATION
A security system
The invention is in the field of electronic security systems for limiting access to such diverse places and things as buildings and computer programs.
There are many electronic security systems designed to control access to places and things, such as private or public premises, computer programs, stored computer information, etc.
These systems all require the use of some preset code to gain the desired access.
For example, many systems require a person seeking such access to feed a code, e.g. a password, into an electronic device, which then compares the code with a preset code, and, if the two match, unlocks an electrically operated lock or electronic lock to allow the access desired. In such instances, the code is preset in the device and all authorized users are given such code.
In other systems, a code may be magnetically or otherwise encoded on a card which is inserted into a reading device that determines if the encoded code is the same as the preset code and, if so, allows access.
A problem with such systems is that once the code is known, particularly if by a large group of users, it may inadvertently be imparted to unauthorized persons. Even where possession of a physical device, such as an encoded card is necessary for obtaining access, such a card is easily duplicated once the code is known.
Although the code can be changed each time an unauthorized user is suspected of having the code, the new code has to be given to all authorized users. Moreover, in those instances in which a fixed code is used, ways have been found to break such code.
The need remains for a simple yet more sophisticated security system that cannot be easily broken.
According to the invention, a security system generates a first variable which is displayed to the user. The user has a separate device into which this first variable is entered and which then generates a second variable which has a predetermined relationship to the first variable.
This second variable is then entered by the user into the security system which has itself also generated the second variable. The second variables are compared and if they correspond, access is granted.
The system thus includes first character generator means for generating a first variable, second character generator means for generating a related second variable having a predetermined relationship to the first variable, separate user operated "key" means for generating a corresponding second variable, means for the user to input this second variable into the system, character comparator means for comparing the two second variables, i.e. the second variable generated by the second character generator and the second variable entered by the user, and access lock means for allowing access if the two variables correspond.
The user operated "key" means for generating the second variable may take several forms, such as a numerical, alphabetical, or similar table or a programmed calculator.
With the system of the invention, the code or "password", which is the second variable, depends upon the first variable which preferably is randomly generated. Also, the relationship between the first and second variable need not be known, and preferably is not known, by the user.
The user merely needs to have access to the "key", i.e., the user operated means for generating the second variable. When this takes the form of a preprogrammed calculator, the relationship between the first and second variable may be made very complicated and almost impossible to work out empirically. Thus, the device for generating the second variable can be made almost impossible to duplicate, meaning that only the person with the device can gain access to the property protected.
In the accompanying drawings, which represent the best mode presently contemplated for carrying out the invention:
Fig. 1 is a flow chart of the invention;
Fig. 2, a table for use with one embodiment of the invention;
Fig. 3, a device embodying a table similar to that shown in Fig. 2;
Fig. 4, a perspective view of a typical hand held calculator that can be preprogrammed and used with the invention;
Fig. 5, a circuit diagram of one embodiment of the calculator of Fig. 4;
Fig. 6, a perspective view of a second embodiment of a calculator that can be preprogrammed and used with the invention; and
Fig. 7, a perspective view of the removable integrated circuit package used with the calculator of Fig. 6.
Referring to Fig. 1, which shows in block form the basic components of the security system, when access is desired a first character generator generates a character or variable from a first set of variables. Such first variable may be a digit or single letter of the alphabet, or multiple numerical digits and/or alphabetical symbols, or even other symbols. For example, the first character or variable may be the letters "EF". It is preferred that the first character generator be a random character generator so that the first variable is randomly generated, or at least appears to a user to be randomly generated. In this way, the user does not know and cannot anticipate which variable will be generated by the first character generator.
Once the first variable is generated, it is outputted from the system such as by a display.
Thus, the letters "EF" may appear on a visual display such as a liquid crystal display or a light emitting diode display, or may appear on the usual cathode ray tube display used with computers.
A second character generator then generates a second character or variable which has a predetermined relationship to the first character.
The first and second variables may be related in an infinite number of ways. They may be related by means of some functional or mathematical relationship or may be randomly related by a preset table, such as the table shown in Fig. 2.
In order for a user to "unlock" the system, the user must take the first variable which is displayed to him, and, using a "key", determine the proper second variable. If the variables are related by a table, the authorized user of the system would have a table, such as the table of Fig. 2, available to him in some form, such as on a cylinder as shown in Fig. 3. With the first variable displayed as "EF", the user would go down the table of Fig. 2 to row "E" and across to column "F". He would then find the second variable, the letter "T".
The user then inputs the letter "T" into the system, such as through a keyboard, and a character comparator in the system compares this user generated second variable with the second variable internally generated by the second character generator in the system. If such variables are the same, some type of locking mechanism is operated to unlock and allow access to the thing protected. If the variables are not the same, access is denied. The user may be afforded another chance to input an answer, or may be required to again go through the process of determining a second variable after a new first variable has been generated. For example, the first variable "CG" may be generated and displayed.
This time, the user would have to input the letter "D" in order to gain access. With the table of Fig. 2, the first set of variables is all combinations of two letters that can be made using the letters A through H as the first letter of the two letter variable and using the letters A through K as the second letter.
While the table of Fig. 2 is illustrated as a simple table, in practice, such table would be made much larger so that it would be difficult and time consuming to copy. Thus, the table could have rows and columns for the whole alphabet plus double letters, combinations of capital and small letters or letters and numbers. A very large table could be made. Further, rather than being printed on a flat sheet of material which could be easily mechanically copied such as by a copy machine, it would be provided in a form such as the cylinder shown in Fig. 3. A cylinder is very difficult to copy in a copy machine. Other shapes, particularly ones having curved surfaces such as a sphere, could be used. The table surface could be covered with a colored material or filter so that copying it is difficult, or the table itself could be made in colors that do not copy well. To increase the time and inconvenience in manually copying such table, a set of several tables could be used.
The first variable could then show "CF1" meaning row "C", column "F" of table "1".
Rather than using tables, a preprogrammed device such as a hand-held calculator, Fig. 4, could be used. In such instances, when the system displays the first variable, such as the number "15", this number is entered into the calculator 20 by means of keyboard 21. The calculator is set to run a preset program that can be of any length and complexity and to then display the second variable via display 22. The variable displayed is then entered by the user into the system where it is compared with the second variable generated by the system's second character generator. Using such a preprogrammed calculator, the relationship between the first variable and the second variable can be made so complex that it would be virtually impossible to determine such relationship empirically, or to "break the code". Also, in calculating the second variable, the first variable can be broken up to be entered into such calculator as actually two or three entries to the calculator program. Thus, the system's first variable may be the number "2135". This could mean in the preset program that the number "21" is entered into the calculator first as a first entry into the calculator program and the number "35" entered as a second entry into the calculator program. However, this is all considered the first variable in the system.
While any type of programmable calculator could be used, a relatively simple circuit for use with the system is illustrated in Fig. 5. A single chip microcomputer IC1, such as a National Semiconductor COPS 421 L, is connected and programmed to handle all necessary functions. A nine volt battery 23 is connected through on-off switch 24 to provide power to IC1. Any power supply which supplies between positive four and nine volts to IC1 could be used. Resistor R1 and capacitor C1 are provided to set the frequency of the internal clock of IC1.
Four conductors 25, 26, 27, and 28, Fig. 5, are connected to four programmable output terminals A1 through A4 of IC1 and are arranged as a matrix with four conductors 29, 30, 31, and 32 connected to four programmable input terminals B1 through B4 to form a four by four matrix as shown. This matrix has sixteen points where a conductor connected to an output terminal crosses over a conductor connected to an input terminal. This matrix is physically positioned under keyboard 21, Fig. 4, so that one key of the sixteen key keyboard is over each of the sixteen wire intersections. In normal condition, the wires would not touch at the intersection where they are shown crossing so no contact between the output and input wires would be present. When a button is pressed, contact between the input and output wires at the intersection under that button will occur. This is a standard type of keyboard arrangement used with many hand-held calculators.
The four output conductors 25 through 28 are also connected to four single digit displays 33, 34, 35 and 36, respectively, which make up display 22. The single digit displays may each be a Litronix MAN-4.
Seven additional programmable output terminals of IC1, labeled C1 through C7, are connected to each of the displays in parallel.
The microcomputer IC1 is programmed to scan the four output lines 25 through 28 repetitively by sequentially putting a low signal, i.e. zero volts, on each of the four lines while the remaining three lines are high, i.e. plus five volts. This supplies power to the keyboard matrix and sequentially operates each of the displays. A display is caused to operate when its control input goes from plus five volts to zero volts. The scan is rapid enough so that although each display is operated sequentially, each display appears to the eye to be on continuously.
When a key of keyboard 21 is depressed so that one of the output wires 25 through 28 contacts one of the input wires 29 through 32, an input signal will appear on the appropriate input terminal B1 through B4 in conjunction with an output at one of the terminals A1 through A4.
Thus, if button "2" of keyboard 21 is depressed, a high signal is produced on input line 30 which goes low when output line 27 goes low. This input represents the number "2" to the computer.
Similarly, the depressing of other buttons of keyboard 22 will cause other combinations of output and input signals representing the respective numbered keys. Since the scan of the output conductors is relatively rapid, the computer IC1 is programmed to recognize several similar inputs as a single input, and to require several scans of no input to separate consecutive inputs.
The microcomputer IC1 is programmed to accept the first variable as entered by the user via the keyboard, and to generate a variable having a predetermined relationship to that first variable.
For example, the predetermined relationship may be to double the input, add fifty, and rotate left, i.e. move the leftmost digit of the answer to the rightmost position and move other digits appropriately. Thus, if the first variable was the number "15", the second variable would be (15 x 2) + 50 = 80, or in four digits 0080. After rotating left, the second variable would end up 0800. The complexity of the relationship between the first and second variable is limited only by the capability of the particular microcomputer used.
The second variable as determined by IC1 is displayed on display 22. The seven output terminals C1 through C7 each control one segment of the seven segments making up each digit. Thus, signals appear on terminals C1 through C7 to cause each display to form the first digit of the calculated second variable simultaneously with a low signal on output line 25 to thereby cause that digit to appear in display 33 as the leftmost digit of display 22. Signals appear on terminals C1 through C7 to cause the displays to form the second position of the calculated variable simultaneously with a low signal on line 26 causing that digit to appear in the second digit from the left in display 22. Similarly, displays 35 and 36 forming the digits in the third and fourth position from the left in display 22 appear simultaneously with low signals on lines 27 and 28, respectively.
A chip such as described for IC1 is ordered from the chip manufacturer with a memory containing a particular program desired and designed by the system designer. Thus, the program as described above would be designed by the system designer for use in a particular system or set of systems and then supplied to the system designer, to be supplied to the system user as a preprogrammed unit. Alternately, a microcomputer chip having a field programmable memory, but otherwise similar to IC1, such as a National Semiconductor COP 402, could be used which, rather than being programmed by the chip manufacturer according to system designer specifications, can actually be programmed by the system designer himself, and then similarly supplied to the system user as a preprogrammed unit.
The same type of hand-held, preprogrammed calculator could be used without a keyboard or display by making the calculator plug directly into a socket associated with the system so that a user would plug the calculator in, the system would supply the first variable directly to the calculator which would generate its second variable and supply it directly back to the system. Although in such instance the user is merely plugging his "key" into the system to unlock it, the user is still involved in supplying the "key" and, for purposes of this invention, the calculator device or "key" is still considered as a user operated device for determining the second variable, and the user is considered as providing the input to the calculator and entering the second variable into the system by the act of plugging in the calculator.
One important use of the system of the invention is in protecting computer programs from unauthorized use.
Today most computers are of general purpose type where they are programmed to do specific jobs, rather than being specially wired to do those jobs. Thus, programs which enable a computer to do certain jobs may be very valuable. However, most programs are supplied on magnetic tape or discs and, as such, programs may be easily copied from one tape or disc to another. Further, once a program is loaded into a computer, that computer, in some instances, can transfer a program directly to another computer.
Prior art program-protection systems attempt to make it difficult to copy a program from one disc or tape to another by means of scrambling the program or putting program codes in areas of a disc not usually copied. Such systems, however, can generally be easily broken. The system of the invention, rather than being directed to stopping the actual copying of the program, limits access to the program to only authorized users. Thus, although a program may be copied from a disc or tape, it cannot be used without going through the security system described.
In order to use such system in conjunction with a computer program, when a program is called up for use in the computer, the program itself randomly generates the first variable and displays it. The type of display will vary with the computer equipment used. After display of the first variable, the user then has to determine a second variable and enter it into the computer. The computer is programmed to generate the second variable on its own and to compare it to the second variable entered by the user. If they correspond, the program, in effect, unlocks itself and the computer proceeds to run the program. If they do not correspond, the computer can generate a second first variable, or can be set to dump the program from its memory, or take other appropriate action.
It has been found in general that satisfactory security is obtained if the user is given three chances to come up with a proper second variable before dumping the program from its memory.
This makes allowance for any mistake a user may make in determining the second variable even though he has a proper "key", but does not allow unlimited trial and error.
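The flow of Fig. 1 combined with the three-chance rule, as an added Python illustration that is not part of the specification. It uses the sample relation given above (double, add fifty, rotate left in four digits); the names `Lock`, `second_variable` and `demo`, the challenge range, and the choice to issue a new first variable after every attempt are assumptions made for the example.

```python
import hmac
import secrets

DIGITS = 4          # the description writes the answer "in four digits"
MAX_ATTEMPTS = 3    # "three chances" before the program is dumped


def second_variable(first: int) -> str:
    """Sample relation from the text: double, add fifty, rotate left."""
    value = first * 2 + 50
    if first < 0 or value >= 10 ** DIGITS:
        raise ValueError("result does not fit in four digits")
    digits = f"{value:0{DIGITS}d}"
    return digits[1:] + digits[0]   # leftmost digit moves to the right end


class Lock:
    """System side: first generator, second generator, comparator, lock."""

    def __init__(self, relation, rng=None):
        self.relation = relation
        self.rng = rng or secrets.SystemRandom()
        self.failures = 0
        self.pending = None
        self.dumped = False

    def challenge(self) -> int:
        """Generate the first variable that would be shown on the display."""
        if self.dumped:
            raise RuntimeError("program has been dumped from memory")
        # Assumption: range chosen so the sample relation stays within four digits.
        self.pending = self.rng.randrange(0, 4975)
        return self.pending

    def submit(self, answer: str) -> bool:
        """Compare the entered second variable with the one generated internally."""
        if self.dumped or self.pending is None:
            return False
        expected = self.relation(self.pending)
        self.pending = None          # a first variable is good for one attempt only
        if hmac.compare_digest(expected.encode(), answer.encode()):
            self.failures = 0        # assumption: a success clears earlier mistakes
            return True
        self.failures += 1
        if self.failures >= MAX_ATTEMPTS:
            self.dumped = True       # stands in for dumping the program from memory
        return False


def demo():
    """One session with the key, then three entries made without it."""
    lock = Lock(second_variable)
    first = lock.challenge()
    granted = lock.submit(second_variable(first))
    wrong = []
    for _ in range(MAX_ATTEMPTS):
        lock.challenge()
        wrong.append(lock.submit("0000"))   # never valid: the relation yields at least 50
    return granted, wrong, lock.dumped


if __name__ == "__main__":
    print(second_variable(15))   # the worked case from the description
    print(demo())
```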
Rather than implementing the system when the program is initially called up for use in the computer, the program may be set so that the second variable is required to be supplied at various other places and set to be activated only at certain times, on a random basis, or on some other preset basis. For example, the program may be called up for use in the computer and function normally, but at some random point during use, may generate the first variable and ask for the second variable before continuing its operation.
It has been found particularly effective to call for operation of the system at critical function points in a program. For example, with a word processing program it is generally required that after the creation of a new document, or after the editing of a document has been completed, the new or edited document must be saved and stored. It may be desirable to require generation of the second variable and its input to the computer by the user after creating or editing a document, but prior to storage of such document. Then, unless the user can input the correct variable, he cannot store the document and his work is lost.
Rather than calling for the variable each time a document is to be stored, it may be desirable to call for the input of the second variable only sometimes when the document is to be stored.
Whether or not the input of the second variable is required could be related to the length of the document to be stored or to the number of key strokes exercised in creating or editing the document so that the program would operate normally for short documents, but require the user to show that he is actually an authorized user by the input of the correct variable only after he has expended much time and effort and stands to lose the product of that effort.
It should be understood that there will be an endless variety of ways of actually using or implementing the security system in conjunction with a computer system.
The actual programing of the system will vary from program to program and with the equipment for which the protected programs are written.
Such programing, however, will be obvious to a person skilled in the art from the above description of the system, so is not detailed here. The actual relationship between the first and second variables may be determined by the programmer and included in the program when written or may be determined by the supplier of the calculator unit, but disclosed to the programmer so that the same relationship may be programmed into the computer program.
The complexity of the relationship between the first and second variables and the manner in which the user generates the second variable will vary with the value of the program being protected. Thus, for a computer game program where the program itself may cost only twenty to thirty dollars, an inexpensive device, such as a form of the chart described, will be supplied with the program to the authorized user. Where a complex data processing program costing several thousand dollars or more is being protected, a device such as a preprogrammed, hand-held calculator can be used and supplied to the authorized user of the program along with the program.
A presently preferred embodiment of the calculator unit for use with computers is shown in Fig. 6. Rather than being hand held, the calculator, indicated generally as 40, is designed to be mounted on the keyboard 41 of a computer. No electrical connection to the computer is necessary so the unit 40 may be mounted in any position about the keyboard which will not interfere with normal computer operation. The unit 40 may be secured to the keyboard, or to other areas of a computer work station, by various means such as by tape or other adhesive. Also, the unit 40 could be kept as a portable unit and not secured at all.
Calculator unit 40 is designed to be used for many different programs which may be protected by the system and run in the same computer. Unit 40 contains a keyboard indicated generally at 42 made up of six keys representing the numbers one through six. While additional keys could be provided, it has been found that for purposes of the invention, six keys are sufficient. In addition to keyboard 42, unit 40 has an enter key 43, a display 44, and a receiving pocket 45 adapted to receive and hold in electrical communication therewith an integrated circuit package 46. As previously described, each program protected by the system will generally have its own individual formula relating the first and second variables.
With the calculator unit shown in Fig. 6, rather than a separate calculator for each program, the same unit is used, but the integrated circuit which contains the preprogrammed formula, and sometimes other data, is changed when the program is changed. Thus, rather than a complete calculator for each program protected by the system, the user would be supplied with an individual integrated circuit package 46 for each program. When a particular program is to be used in the computer, the program's associated integrated circuit package is plugged into the universal calculator unit 40.
The circuitry of calculator unit 40 may be similar to that shown in Fig. 5 for the calculator unit 20 of Fig. 4 with obvious changes for the reduced number of keys, the number of keys being seven in calculator 40 as opposed to sixteen for calculator 20. The integrated circuit microcomputer unit IC1 of Fig. 5 is the removable integrated circuit package 46 of Figs. 6 and 7. It is to be understood that the circuitry shown in Fig. 5 is merely illustrative and that many obvious variations can be made in adapting the invention to various forms of calculator units or various circuit components.
In the basic system described, the computer program or other lock device generates a first variable and asks the user to generate and input a second variable, thus requiring the user to input the first variable into his calculator unit each time a second variable is required. In some instances, it is desirable to eliminate some of the steps and for this purpose, automatic generation of the variables may be provided for. With automatic generation of the variables, not only is the second variable related to the first variable by some predetermined relationship, but the successive first or second variables are also related by some predetermined relationship so that the calculator and computer both know what the successive variables should be. Thus, once a first variable has been generated by the program and entered into the calculator unit by the user, and a corresponding second variable generated by the calculator unit and entered into the computer, the program and the calculator have been synchronized. Both the program and the calculator then can automatically generate the successive first variables and their associated second variables without the user actually keying the first variable into the calculator. In use, after synchronization, when the program asks for the input of the second variable, the user merely pushes the enter button 43 on the calculator and the correct second variable is displayed by display 44. This saves the user the time required to actually key the first variable into the calculator unit. The user still must enter the second variable displayed into the computer. Rather than automatically generating the first variable through a predetermined relationship to the previously generated first variable and then generating the corresponding second variable, the second variable could be related through a predetermined relationship so that a second variable is generated directly from the preceding second variable upon depression of enter button 43.
The actual method used for generating the variables and for operation of the program is a matter of choice for the programmer.
If the computer program and the calculator unit become unsynchronized so that the wrong second variable is entered into the computer, or if for some other reason the user enters the wrong second variable, the computer program would then generate a new first variable and require the user to go through the complete process of generating the second variable. The computer program could also either randomly, or after so many automatic generations, require the user to go through the entire process of actually keying in the first variable to ensure that the user is actually the authorized user and has not just obtained the series of second successive variables in advance.
Further, the program could keep track of the number of times a wrong second variable is entered, possibly indicating unauthorized use of the program, and be programmed to take action such as slowing down or refusing to operate after a certain number of wrong entries.
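The synchronized mode described above, including loss of synchronization, forced re-keying after a number of automatic generations, and the count of wrong entries, as an added Python sketch that is not part of the specification. The `successor` relationship and its constants, the `max_auto` limit, and the class names `Calculator` and `Program` are hypothetical choices; the patent leaves the actual relationships to the programmer.

```python
import hmac
import secrets

SPACE = 4975   # assumption: first variables 0..4974 keep the sample relation in four digits


def relation(first: int) -> str:
    """Sample relation from the description: double, add fifty, rotate left."""
    digits = f"{first * 2 + 50:04d}"
    return digits[1:] + digits[0]


def successor(first: int) -> int:
    """Hypothetical predetermined relationship between successive first variables."""
    return (first * 421 + 1663) % SPACE


class Calculator:
    """User's key: keyed entry synchronizes it, the enter button advances it."""

    def __init__(self):
        self.first = None

    def key_in(self, first: int) -> str:
        self.first = first
        return relation(first)

    def press_enter(self) -> str:
        if self.first is None:
            raise RuntimeError("not synchronized: key in a first variable")
        self.first = successor(self.first)
        return relation(self.first)


class Program:
    """Protected program: follows the same sequence and re-keys when required."""

    def __init__(self, max_auto=5, rng=None):
        self.rng = rng or secrets.SystemRandom()
        self.max_auto = max_auto      # automatic generations allowed between keyed entries
        self.first = None             # last first variable both sides agreed on
        self.pending = None
        self.keyed = False
        self.synced = False
        self.auto_count = 0
        self.wrong_entries = 0

    def request(self):
        """Return a first variable to display, or None when the enter key suffices."""
        if self.synced and self.auto_count < self.max_auto:
            self.pending, self.keyed = successor(self.first), False
            return None
        self.pending, self.keyed = self.rng.randrange(SPACE), True
        return self.pending

    def submit(self, answer: str) -> bool:
        if self.pending is None:
            return False
        ok = hmac.compare_digest(relation(self.pending).encode(), answer.encode())
        if ok:
            self.first = self.pending
            self.auto_count = 0 if self.keyed else self.auto_count + 1
            self.synced = True
        else:
            self.wrong_entries += 1
            self.synced = False       # next request displays a new first variable
        self.pending = None
        return ok


def demo():
    prog, calc = Program(max_auto=2), Calculator()
    log = []
    first = prog.request()                       # complete process with keyed entry
    log.append(("keyed", prog.submit(calc.key_in(first))))
    prog.request()                               # synchronized: nothing to key in
    log.append(("auto", prog.submit(calc.press_enter())))
    calc.press_enter()                           # stray press: the calculator runs ahead
    prog.request()
    log.append(("auto", prog.submit(calc.press_enter())))
    first = prog.request()                       # mismatch brings back keyed entry
    log.append(("keyed", prog.submit(calc.key_in(first))))
    for _ in range(2):
        prog.request()
        log.append(("auto", prog.submit(calc.press_enter())))
    forced_rekey = prog.request() is not None    # limit of automatic generations reached
    return log, prog.wrong_entries, forced_rekey


if __name__ == "__main__":
    print(demo())
```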
It is also possible to make the user operated means for generating the second variable, i.e. the calculator unit, itself intelligent so that it can keep track of various things such as the number of times it has been used, the date and time, etc. In fact, it is preferred that the calculator unit 40 also contains standard calendar circuitry so that when the display 44 is not showing a second variable, it is showing the time and/or date. With an intelligent calculator or integrated circuit 46, the system may be arranged so that in addition to merely generating first and second variables, the computer program and the calculator can actually communicate between one another. To communicate, the computer program may generate a request for information which, while being in the general format of a first variable and indistinguishable from a first variable to the user, is distinguishable by and understood by the calculator unit. The calculator unit would respond to the computer and supply the requested information in a format generally the same as that of a second variable, and again, to the user, indistinguishable from the second variable. For example, if the computer program wishes to know the date or time, it could send a request to the calculator which, in turn, would supply the date and time information. If the program desired to know how many times the calculator unit had been used to generate a second variable, it could ask for that information and, again, the calculator unit would supply such information. In addition to straight requests for information and straight responses, certain information may be coded on the actual first or second variables. Thus, time and date information may be encoded into the second variable enabling the computer program to determine if the second variable being entered into it has just been generated or comes from a list of previously generated variables.
If desired, the program can require that all valid second variables entered have current date or time information.
In addition, with time and/or date information encoded in the variables entered into the computer, it is possible to implement restrictions on access according to time and date. Thus, if it is desired that a program can be used only between certain times of the day or only on certain days of the week or year, the program can be set to operate only if the time and/or date information encoded into the second variable indicates an allowable time. If a forbidden time is indicated, appropriate steps would be taken by the program, and access would not be granted. In some cases, the date and time information encoded into the second variable need not indicate to the computer the actual time or date, but may merely be a change in the second variable so that if the second variable is generated during a certain time period, it will be a valid second variable, but if generated during another time period, it is changed enough so that it is no longer recognized by the computer as a valid second variable.
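A second variable that changes with the time period, so that an entry written down earlier is recognized as old and access is limited to permitted hours, shown as an added Python sketch that is not part of the specification. The one-minute period, the way the period is mixed into the sample relation, the look-back window, the permitted hours, and the assumption that the program has its own clock are all choices made for the illustration.

```python
import hmac
from datetime import datetime, timedelta, timezone

PERIOD = timedelta(minutes=1)    # assumption: the second variable changes every minute
LOOKBACK = 60                    # assumption: past periods still recognized as "stale"
ALLOWED_HOURS = range(8, 18)     # assumption: access permitted 08:00-17:59 UTC


def period_index(now: datetime) -> int:
    """Number of whole periods since the epoch, shared by calculator and program."""
    return int(now.timestamp() // PERIOD.total_seconds())


def timed_second_variable(first: int, now: datetime) -> str:
    """Sample relation with the current period mixed in (hypothetical encoding)."""
    # Assumption: the result is wrapped to four digits before rotating left.
    value = (first * 2 + 50 + 37 * period_index(now)) % 10_000
    digits = f"{value:04d}"
    return digits[1:] + digits[0]


def same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())


def check(first: int, answer: str, now: datetime) -> str:
    """Program side: classify an entered second variable using the program's clock."""
    if now.hour not in ALLOWED_HOURS:
        return "forbidden time"
    if same(timed_second_variable(first, now), answer):
        return "granted"
    # An answer that was valid in a recent earlier period came from an old
    # reading or a prepared list rather than from the calculator just now.
    for age in range(1, LOOKBACK + 1):
        if same(timed_second_variable(first, now - age * PERIOD), answer):
            return "stale"
    return "wrong"


def demo():
    t0 = datetime(2024, 1, 8, 10, 30, tzinfo=timezone.utc)   # constructed timestamp
    answer = timed_second_variable(15, t0)
    return [
        check(15, answer, t0),                               # entered right away
        check(15, answer, t0 + 5 * PERIOD),                  # entered five minutes later
        check(15, answer, t0 + timedelta(hours=12)),         # outside permitted hours
        check(15, timed_second_variable(16, t0), t0),        # answer to another first variable
    ]


if __name__ == "__main__":
    print(demo())
```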
Where the calculator is able to keep track of the number of times it has been used to generate a second variable, it can be programmed to stop generating second variables after a predetermined number of uses. This feature can be advantageously used in connection with the trial use of software or the renting of software where only a certain number of program uses have been authorized or paid for.
With the arrangement of the calculator as shown in Fig. 6, and if the user has several programs protected by the system, it is advantageous to have a master type of integrated circuit available which can absorb and hold the programs and program variables contained on several of the individual integrated circuits which would be supplied as individual integrated circuit packages 46 with each of the individual programs.
In such instance, one integrated circuit package 46 could be used with several different protected programs. In order to program a master unit, the user's calculator must be programmed to facilitate the absorption and transfer of programs and variables from several integrated circuit packages 46 into a master integrated circuit. If the user's calculator does not have that capability, the user could have such a master created by the software vendor or other party having the necessary capability.
In addition to protecting a computer program, such system can be effectively used in a computer to control access to certain data stored in the computer.
Rather than protecting computer programs or information stored in a computer where the system is programmed into the computer, the system could be easily built, either using a micro computer programmed to operate as described, or using hardwire circuitry for each of the blocks of Fig. 1, to operate electrically operated locks to protect premises from unauthorized entry. Thus, the door to a room could be provided with an electrically operated lock and a system of the invention provided in proximity to such lock, or at a remote location, where a button could be pressed to energize the system and cause display of the first variable. The person operating the system would then determine the second variable and enter it into the system. If the second variable is correct, the system would energize the lock to thereby allow the door to be opened and access to the premises given. The components and circuitry needed for such a system would be obvious to a person skilled in the electronics art so are not set forth in detail here.
Whereas this invention is here illustrated and described with specific reference to an embodiment thereof presently contemplated as the best mode of carrying out such invention in actual practice, it is to be understood that various changes may be made in adapting the invention to different embodiments without departing from the broader inventive concepts disclosed herein and comprehended by the claims that follow.